Installing from a Downloaded Binaryedit
The Logstash binaries are available from https://www.elastic.co/downloads. Download the Logstash installation file for your host environment—TAR.GZ, DEB, ZIP, or RPM.
Unpack the file. Do not install Logstash into a directory path that contains colon (:) characters.
These packages are free to use under the Elastic license. They contain open source and free commercial features and access to paid commercial features. Start a 30-day trial to try out all of the paid commercial features. See the Subscriptions page for information about Elastic license levels.
Alternatively, you can download an
oss package, which contains only features
that are available under the Apache 2.0 license.
On supported Linux operating systems, you can use a package manager to install Logstash.
Installing from Package Repositoriesedit
We also have repositories available for APT and YUM based distributions. Note that we only provide binary packages, but no source packages, as the packages are created as part of the Logstash build.
We have split the Logstash package repositories by version into separate urls to avoid accidental upgrades across major versions. For all 8.x.y releases use 8.x as version number.
We use the PGP key D88E42B4, Elastic’s Signing Key, with fingerprint
4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4
to sign all our packages. It is available from https://pgp.mit.edu.
When installing from a package repository (or from the DEB or RPM installation file), you will need to run Logstash as a service. Please refer to Running Logstash as a Service for more information.
For testing purposes, you may still run Logstash from the command line, but you may need to define the default setting options (described in Logstash Directory Layout) manually. Please refer to Running Logstash from the Command Line for more information.
Download and install the Public Signing Key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg
You may need to install the
apt-transport-https package on Debian before proceeding:
sudo apt-get install apt-transport-https
Save the repository definition to
echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list
echo method described above to add the Logstash repository. Do not
add-apt-repository as it will add a
deb-src entry as well, but we do not
provide a source package. If you have added the
deb-src entry, you will see an
error like the following:
Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)
Just delete the
deb-src entry from the
/etc/apt/sources.list file and the
installation should work as expected.
sudo apt-get update and the repository is ready for use. You can install
sudo apt-get update && sudo apt-get install logstash
See Running Logstash for details about managing Logstash as a system service.
Download and install the public signing key:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Add the following in your
in a file with a
.repo suffix, for example
[logstash-8.x] name=Elastic repository for 8.x packages baseurl=https://artifacts.elastic.co/packages/8.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md
And your repository is ready for use. You can install it with:
sudo yum install logstash
The repositories do not work with older rpm based distributions that still use RPM v3, like CentOS5.
See the Running Logstash document for managing Logstash as a system service.
Images are available for running Logstash as a Docker container. They are available from the Elastic Docker registry.
See Running Logstash on Docker for details on how to configure and run Logstash Docker containers.
Intro to Kibana
ELK for Logs & Metrics